{"vulnerability": "CVE-2022-3061", "sightings": [{"uuid": "5f00e1ce-b65e-4515-be16-6697fe622441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30614", "type": "seen", "source": "https://t.me/cibsecurity/49192", "content": "\u203c CVE-2022-30614 \u203c\n\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T22:38:37.000000Z"}, {"uuid": "1b510e6e-15cb-451e-8a8d-d993694658d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30613", "type": "seen", "source": "https://t.me/cibsecurity/50995", "content": "\u203c CVE-2022-30613 \u203c\n\nIBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T20:17:25.000000Z"}, {"uuid": "4da21e2f-4130-47e8-80a6-9ca7d8810cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30611", "type": "seen", "source": "https://t.me/cibsecurity/44208", "content": "\u203c CVE-2022-30611 \u203c\n\nIBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. 
A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-10T20:34:38.000000Z"}, {"uuid": "fc66149c-a5ba-48b1-bf62-d4f6a3b02cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3061", "type": "seen", "source": "https://t.me/cibsecurity/49186", "content": "\u203c CVE-2022-3061 \u203c\n\nFound Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T22:38:30.000000Z"}, {"uuid": "78dd9f91-b69e-4b38-a5bf-02481c82c319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30610", "type": "seen", "source": "https://t.me/cibsecurity/44212", "content": "\u203c CVE-2022-30610 \u203c\n\nIBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. 
IBM X-Force ID: 227363.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-10T20:34:42.000000Z"}, {"uuid": "6f3c56d4-00d7-4aea-90f8-2538968050b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30617", "type": "seen", "source": "https://t.me/cibsecurity/42994", "content": "\u203c CVE-2022-30617 \u203c\n\nAn authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privileged \u201cauthor\u201d role account can view these details in the JSON response for an \u201ceditor\u201d or \u201csuper admin\u201d that has updated one of the author\u2019s blog posts. There are also many other scenarios where such details from other users can leak in the JSON response, either through a direct or indirect relationship. Access to this information enables a user to compromise other users\u2019 accounts by successfully invoking the password reset workflow. 
In a worst-case scenario, a low-privileged user could get access to a \u201csuper admin\u201d account with full control over the Strapi instance, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-19T22:29:47.000000Z"}, {"uuid": "87f45399-20ab-484f-9283-9cd47d4ae112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30618", "type": "seen", "source": "https://t.me/cibsecurity/42998", "content": "\u203c CVE-2022-30618 \u203c\n\nAn authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users\u2019 accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-19T22:29:51.000000Z"}]}